Adobe has warned that online criminals are attacking Internet Explorer and Firefox users via an as-yet-unpatched zero day vulnerability in Adobe Flash.
In a security advisory, Adobe says it plans to issue an emergency update for Flash this week patching the vulnerability known as CVE-2015-0313.
A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 18.104.22.1686 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.
Adobe expects to release an update for Flash Player during the week of February 2.
However, that will be too late for thousands of computer users who – according to Trend Micro – have been had their computers infected by visiting sites serving up malicious adverts that exploit the critical flaw.
Popular video-sharing site Dailymotion is said to have been one site seen distributing the malware attack via poisoned adverts.
This is, of course, the third time in the last few weeks that a zero-day vulnerability has been found in Adobe Flash. And it wouldn’t be any surprise at all if some computer users are feeling somewhat bruised by the bombardment of alerts and warnings.
Further reading: How to enable Click-to-Play in Adobe Flash.